Use this IDA python plugin to scan your binary with yara rules. All the yara rule matches will be listed with their offset so you can quickly hop to them!All credit for this plugin and the code goes to David Berard (@p0ly)This plugin is copied from David’s...

Microsoft signed DLL for the ActiveDirectory PowerShell moduleJust a backup for the Microsoft’s ActiveDirectory PowerShell module from Server 2016 with RSAT and module installed. The DLL is usually found at this path:...

frida-wshook is an analysis and instrumentation tool which uses frida.re to hook common functions often used by malicious script files which are run using WScript/CScript. The tool intercepts Windows API functions and doesn’t implement function stubs or proxies...